Update documentation with Diffie-Hellman best practices.
author Emilia Kasper <emilia@openssl.org>
Tue, 12 May 2015 14:10:05 +0000 (16:10 +0200)
committer Emilia Kasper <emilia@openssl.org>
Wed, 20 May 2015 12:54:51 +0000 (14:54 +0200)
commit dcbc03ede7625f6a1023389196f62aff8916ce4b
tree 2ccd5c2df029a1c0c86eeaccb7e1b48906177595
parent b32aa8e63eba643f9c510af2838f1534de70bd2e
- Do not advise generation of DH parameters with dsaparam to save
  computation time.
- Promote use of custom parameters more, and explicitly forbid use of
  built-in parameters weaker than 2048 bits.
- Advise the callback to ignore <keylength> - it is currently called
  with 1024 bits, but this value can and should be safely ignored by
  servers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod